Whether it’s a cyberattack, data breach or inadvertent mistake from an admin, the danger of the insider threat is growing. Active Directory is a prime target for attackers because of its importance for authentication and authorization for all users. But when you’re worrying about those threats coming from external sources as well as internally it can feel like an uphill battle.
Insider threats and Active Directory
“Insider threat” doesn’t necessarily mean that your employees, contractors or visitors are out to get you. Most of the time it means that some insider you trust is a weak link — opened the wrong attachment, missed the employee security training, clicked on the wrong link, got phished — and inadvertently gave a malicious outsider a break.
Those outsiders can give themselves access to all kinds of resources on your network and in the cloud, such as customer information, billing data, financials and human resource info. It’s as if someone stole a key card to your executive offices as was able to wander through offices and poke around in desk drawers.
The biggest danger to Active Directory from insider threats is that it’s hard to tell when a bad guy is lurking in your network. By the time he gets to AD, he can usually cover his tracks and stay hidden a long time. In fact, the 2014 Verizon Data Break Investigation reported that it takes an organization an average of 205 days to detect a security break from the initial moment it takes place.
Are you prepared for your next insider threat?
Upon discovering that someone has illegitimately accessed data on the network, IT managers initially believe (hope, really) that the threat came from outside. But as recent, headline-grabbing data breaches demonstrate, a lapse in internal security—whether accidental or malicious—often makes the attack possible in spite of robust external security.
See how a typical insider threat unfolds and learn security best practices that minimize the risk of the insider threat to the availability, confidentiality and integrity of AD.
Find out about these best practices and more, including how third-party tools—like InTrust from Quest—can help make insider threats a thing of the past to uncover and analyze insider attacks.
Next week is EMC World Software User Forum so it's your last chance to get all the latest info. See you in Austin!